The Shocking Ransomware Attacks on the Internet of Medical Things (IoMT)
Updated: Oct 12
Ransomware attacks on healthcare are as serious as they seem. These attacks have caused an annual burden on the US healthcare system of almost $21 billion. It has paid over $100 million in ransom and is now beginning to recognize the terrible realities of affected patient care, which includes higher rates of patient mortality. There are hundreds of stories that don't get reported about cyberattacks.
A study published in 2021 revealed that IoT/IoMT devices are the main attack vector for 21% of ransomware attacks. CISA Senior Advisor Joshua Corman further documented rising risks in a Senate HELP Committee hearing.
The Ponemon Institute also explored the effects of insecure medical devices and their impact on patients and hospitals in its Insecurity Of Connected Devices In Healthcare 2022 report. The report contains the following statistics:
43% of respondents had experienced at least one ransomware threat.
Cyberattacks account for 88% of all cyberattacks.
Data breaches cost an average of $1 million.
Tragically, 24% of attacks lead to higher mortality rates.
Seven out of ten (71%) respondents believe that these otherwise amazing marvels of modern medicine pose very high-security risks. Recognizing risk is an important step, but it is more of a talk than an action point.
More than half (54%) of respondents didn't report that senior management required assurances about the IoT/IoMT risk. More concerning is the fact that 67 percent of respondents don't believe their devices have been patched in a timely fashion. This is the most basic, accepted, and frequently required action for almost any healthcare environment.
Most hospitals are vulnerable due to the current state of affairs. They have a crowded staff, limited resources, inadequate cybersecurity skills, and a huge bullseye. It is necessary to unite efforts to improve hospital security. AT&T in partnership with Ivanti Neurons for Healthcare offers specific solutions to reduce risk through concrete guidance.
Reports show the security status before and after taking action. The network segmentation recommendations are integrated with existing NAC solutions, increasing intelligence and visibility. The dashboards provide a way to identify and quantify the risks of each device, manufacturer, OS type, and hardware type. This is a strategy for fighting cybercriminals who are relentless in their quest for ransom money.